Debian

Debian Linux

9979 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-46784

  • EPSS 16.36%
  • Veröffentlicht 17.07.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:34:42

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

8.8

CVE-2022-30550

  • EPSS 0.31%
  • Veröffentlicht 17.07.2022 19:15:18
  • Zuletzt bearbeitet 23.05.2025 16:43:11

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definiti...

9.1

CVE-2022-35409

Exploit
  • EPSS 1.66%
  • Veröffentlicht 15.07.2022 14:15:09
  • Zuletzt bearbeitet 21.11.2024 07:11:07

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This ca...

6.5

CVE-2022-23825

  • EPSS 0.14%
  • Veröffentlicht 14.07.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:49:19

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

8.1

CVE-2022-32212

  • EPSS 0.06%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making D...

6.5

CVE-2022-32213

Exploit
  • EPSS 87.68%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

6.5

CVE-2022-32214

Exploit
  • EPSS 39.29%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).

6.5

CVE-2022-32215

Exploit
  • EPSS 86.47%
  • Veröffentlicht 14.07.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:05:56

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

7.8

CVE-2022-29187

  • EPSS 0.07%
  • Veröffentlicht 12.07.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:58:40

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue ...

6.5

CVE-2022-29900

  • EPSS 1.41%
  • Veröffentlicht 12.07.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:59:55

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.